[PW_SID:970621] SHA-512 library functions#504
Conversation
Rename existing functions and structs in architecture-optimized SHA-512 code that had names conflicting with the upcoming library interface which will be added to <crypto/sha2.h>: sha384_init, sha512_init, sha512_update, sha384, and sha512. Note: all affected code will be superseded by later commits that migrate the arch-optimized SHA-512 code into the library. This commit simply keeps the kernel building for the initial introduction of the library. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Add basic support for SHA-384 and SHA-512 to lib/crypto/. Various in-kernel users will be able to use this instead of the old-school crypto API, which is harder to use and has more overhead. The basic support added by this commit consists of the API and its documentation, backed by a C implementation of the algorithms. sha512_block_generic() is derived from crypto/sha512_generic.c. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Since HMAC support is commonly needed and is fairly simple, include it as a first-class citizen of the SHA-512 library. The API supports both incremental and one-shot computation, and either preparing the key ahead of time or just using a raw key. The implementation is much more streamlined than crypto/hmac.c. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Add KUnit tests for the SHA-384 and SHA-512 library functions, including the corresponding HMAC support. Testing strategy: - Each SHA variant gets its own KUnit test suite, but a header is used to share most of the test code among the SHA variants. - Test against vectors generated by the Python hashlib and hmac modules. - Test incremental computation. - Test with a guard page to catch buffer overruns even in assembly code. - Test various overlap and alignment cases. - Compute hashes in task, softirq, and hardirq context in parallel, to verify that the functions work as expected in all contexts and that fallback code paths are exercised. - Test that the finalization functions zeroize their context. - Include benchmarks, guarded by a separate Kconfig option. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Add KUnit tests for the SHA-224 and SHA-256 library functions, using the test template that was added by the previous commit. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
sha512_generic_block_fn() will no longer be available when the SHA-512 support in the old-school crypto API is changed to just wrap the SHA-512 library. Replace the use of sha512_generic_block_fn() in sha512-riscv64-glue.c with temporary code that uses the library's __sha512_update(). This is just a temporary workaround to keep the kernel building and functional at each commit; this code gets superseded when the RISC-V optimized SHA-512 is migrated to lib/crypto/ anyway. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
…ibrary Delete crypto/sha512_generic.c, which provided "generic" SHA-384 and SHA-512 crypto_shash algorithms. Replace it with crypto/sha512.c which provides SHA-384, SHA-512, HMAC-SHA384, and HMAC-SHA512 crypto_shash algorithms using the corresponding library functions. This is a prerequisite for migrating all the arch-optimized SHA-512 code (which is almost 3000 lines) to lib/crypto/ rather than duplicating it. Since the replacement crypto_shash algorithms are implemented using the (potentially arch-optimized) library functions, give them cra_driver_names ending with "-lib" rather than "-generic". Update crypto/testmgr.c and one odd driver to take this change in driver name into account. Besides these cases which are accounted for, there are no known cases where the cra_driver_name was being depended on. This change does mean that the abstract partial block handling code in crypto/shash.c, which got added in 6.16, no longer gets used. But that's fine; the library has to implement the partial block handling anyway, and it's better to do it in the library since the block size and other properties of the algorithm are all fixed at compile time there, resulting in more streamlined code. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Instead of exposing the arm-optimized SHA-512 code via arm-specific crypto_shash algorithms, instead just implement the sha512_blocks() library function. This is much simpler, it makes the SHA-512 (and SHA-384) library functions be arm-optimized, and it fixes the longstanding issue where the arm-optimized SHA-512 code was disabled by default. SHA-512 still remains available through crypto_shash, but individual architectures no longer need to handle it. To match sha512_blocks(), change the type of the nblocks parameter of the assembly functions from int to size_t. The assembly functions actually already treated it as size_t. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Instead of exposing the arm64-optimized SHA-512 code via arm64-specific crypto_shash algorithms, instead just implement the sha512_blocks() library function. This is much simpler, it makes the SHA-512 (and SHA-384) library functions be arm64-optimized, and it fixes the longstanding issue where the arm64-optimized SHA-512 code was disabled by default. SHA-512 still remains available through crypto_shash, but individual architectures no longer need to handle it. To match sha512_blocks(), change the type of the nblocks parameter of the assembly functions from int or 'unsigned int' to size_t. Update the ARMv8 CE assembly function accordingly. The scalar assembly function actually already treated it as size_t. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Since arch/mips/cavium-octeon/crypto/octeon-crypto.h is now needed outside of its directory, move it to arch/mips/include/asm/octeon/crypto.h so that it can be included as <asm/octeon/crypto.h>. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Instead of exposing the mips-optimized SHA-512 code via mips-specific crypto_shash algorithms, instead just implement the sha512_blocks() library function. This is much simpler, it makes the SHA-512 (and SHA-384) library functions be mips-optimized, and it fixes the longstanding issue where the mips-optimized SHA-512 code was disabled by default. SHA-512 still remains available through crypto_shash, but individual architectures no longer need to handle it. Note: to see the diff from arch/mips/cavium-octeon/crypto/octeon-sha512.c to lib/crypto/mips/sha512.h, view this commit with 'git show -M10'. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Instead of exposing the riscv-optimized SHA-512 code via riscv-specific crypto_shash algorithms, instead just implement the sha512_blocks() library function. This is much simpler, it makes the SHA-512 (and SHA-384) library functions be riscv-optimized, and it fixes the longstanding issue where the riscv-optimized SHA-512 code was disabled by default. SHA-512 still remains available through crypto_shash, but individual architectures no longer need to handle it. To match sha512_blocks(), change the type of the nblocks parameter of the assembly function from int to size_t. The assembly function actually already treated it as size_t. Note: to see the diff from arch/riscv/crypto/sha512-riscv64-glue.c to lib/crypto/riscv/sha512.h, view this commit with 'git show -M10'. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Instead of exposing the s390-optimized SHA-512 code via s390-specific crypto_shash algorithms, instead just implement the sha512_blocks() library function. This is much simpler, it makes the SHA-512 (and SHA-384) library functions be s390-optimized, and it fixes the longstanding issue where the s390-optimized SHA-512 code was disabled by default. SHA-512 still remains available through crypto_shash, but individual architectures no longer need to handle it. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Instead of exposing the sparc-optimized SHA-512 code via sparc-specific crypto_shash algorithms, instead just implement the sha512_blocks() library function. This is much simpler, it makes the SHA-512 (and SHA-384) library functions be sparc-optimized, and it fixes the longstanding issue where the sparc-optimized SHA-512 code was disabled by default. SHA-512 still remains available through crypto_shash, but individual architectures no longer need to handle it. To match sha512_blocks(), change the type of the nblocks parameter of the assembly function from int to size_t. The assembly function actually already treated it as size_t. Note: to see the diff from arch/sparc/crypto/sha512_glue.c to lib/crypto/sparc/sha512.h, view this commit with 'git show -M10'. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
Instead of exposing the x86-optimized SHA-512 code via x86-specific crypto_shash algorithms, instead just implement the sha512_blocks() library function. This is much simpler, it makes the SHA-512 (and SHA-384) library functions be x86-optimized, and it fixes the longstanding issue where the x86-optimized SHA-512 code was disabled by default. SHA-512 still remains available through crypto_shash, but individual architectures no longer need to handle it. To match sha512_blocks(), change the type of the nblocks parameter of the assembly functions from int to size_t. The assembly functions actually already treated it as size_t. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
sha512_base.h is no longer used, so remove it. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 1: "[01/16] crypto: sha512 - rename conflicting symbols" |
|
Patch 2: "[02/16] lib/crypto/sha512: add support for SHA-384 and SHA-512" |
|
Patch 2: "[02/16] lib/crypto/sha512: add support for SHA-384 and SHA-512" |
|
Patch 14: "[14/16] lib/crypto/sha512: migrate sparc-optimized SHA-512 code to library" |
|
Patch 14: "[14/16] lib/crypto/sha512: migrate sparc-optimized SHA-512 code to library" |
|
Patch 14: "[14/16] lib/crypto/sha512: migrate sparc-optimized SHA-512 code to library" |
|
Patch 14: "[14/16] lib/crypto/sha512: migrate sparc-optimized SHA-512 code to library" |
|
Patch 14: "[14/16] lib/crypto/sha512: migrate sparc-optimized SHA-512 code to library" |
|
Patch 14: "[14/16] lib/crypto/sha512: migrate sparc-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 15: "[15/16] lib/crypto/sha512: migrate x86-optimized SHA-512 code to library" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
|
Patch 16: "[16/16] crypto: sha512 - remove sha512_base.h" |
2 participants
PR for series 970621 applied to workflow__riscv__fixes
Name: SHA-512 library functions
URL: https://patchwork.kernel.org/project/linux-riscv/list/?series=970621
Version: 1